Total: 86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-2912 | 1 Konstanty Bialkowski | 1 Libmodplug | 2017-08-29 | 6.8 MEDIUM | N/A |
| Stack-based buffer overflow in the CSoundFile::ReadS3M function in src/load_s3m.cpp in libmodplug before 0.8.8.4 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted S3M file with an invalid offset. | |||||
| CVE-2011-2913 | 1 Konstanty Bialkowski | 1 Libmodplug | 2017-08-29 | 6.8 MEDIUM | N/A |
| Off-by-one error in the CSoundFile::ReadAMS function in src/load_ams.cpp in libmodplug before 0.8.8.4 allows remote attackers to cause a denial of service (stack memory corruption) and possibly execute arbitrary code via a crafted AMS file with a large number of samples. | |||||
| CVE-2011-2914 | 1 Konstanty Bialkowski | 1 Libmodplug | 2017-08-29 | 6.8 MEDIUM | N/A |
| Off-by-one error in the CSoundFile::ReadDSM function in src/load_dms.cpp in libmodplug before 0.8.8.4 allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via a crafted DSM file with a large number of samples. | |||||
| CVE-2011-2915 | 1 Konstanty Bialkowski | 1 Libmodplug | 2017-08-29 | 6.8 MEDIUM | N/A |
| Off-by-one error in the CSoundFile::ReadAMS2 function in src/load_ams.cpp in libmodplug before 0.8.8.4 allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via a crafted AMS file with a large number of instruments. | |||||
| CVE-2011-2925 | 1 Redhat | 1 Enterprise Mrg | 2017-08-29 | 4.6 MEDIUM | N/A |
| Cumin in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0 records broker authentication credentials in a log file, which allows local users to bypass authentication and perform unauthorized actions on jobs and message queues via a direct connection to the broker. | |||||
| CVE-2011-2940 | 1 Stunnel | 1 Stunnel | 2017-08-29 | 9.3 HIGH | N/A |
| stunnel 4.40 and 4.41 might allow remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. | |||||
| CVE-2011-2944 | 1 Megalab | 1 The Uploader | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in login.php in MegaLab The Uploader before 2.0.5 allows remote attackers to execute arbitrary SQL commands via the username parameter. | |||||
| CVE-2011-2958 | 1 Ecava | 1 Integraxor | 2017-08-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Ecava IntegraXor before 3.60 (Build 4080) allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2011-2962 | 1 Invensys | 1 Wonderware Information Server | 2017-08-29 | 9.3 HIGH | N/A |
| Multiple stack-based buffer overflows in Invensys Wonderware Information Server 3.1, 4.0, and 4.0 SP1 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via two unspecified ActiveX controls. | |||||
| CVE-2011-2964 | 1 Linuxfoundation | 1 Foomatic | 2017-08-29 | 6.8 MEDIUM | N/A |
| foomaticrip.c in foomatic-rip in foomatic-filters in Foomatic 4.0.6 allows remote attackers to execute arbitrary code via a crafted *FoomaticRIPCommandLine field in a .ppd file, a different vulnerability than CVE-2011-2697. | |||||
| CVE-2011-2976 | 1 Mozilla | 1 Bugzilla | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Bugzilla 2.16rc1 through 2.22.7, 3.0.x through 3.3.x, and 3.4.x before 3.4.12 allows remote attackers to inject arbitrary web script or HTML via vectors involving a BUGLIST cookie. | |||||
| CVE-2011-2977 | 2 Microsoft, Mozilla | 2 Windows, Bugzilla | 2017-08-29 | 2.1 LOW | N/A |
| Bugzilla 3.6.x before 3.6.6, 3.7.x, 4.0.x before 4.0.2, and 4.1.x before 4.1.3 on Windows does not delete the temporary files associated with uploaded attachments, which allows local users to obtain sensitive information by reading these files. NOTE: this issue exists because of a regression in 3.6. | |||||
| CVE-2011-2978 | 1 Mozilla | 1 Bugzilla | 2017-08-29 | 5.0 MEDIUM | N/A |
| Bugzilla 2.16rc1 through 2.22.7, 3.0.x through 3.3.x, 3.4.x before 3.4.12, 3.5.x, 3.6.x before 3.6.6, 3.7.x, 4.0.x before 4.0.2, and 4.1.x before 4.1.3 does not prevent changes to the confirmation e-mail address (aka old_email field) for e-mail change notifications, which makes it easier for remote attackers to perform arbitrary address changes by leveraging an unattended workstation. | |||||
| CVE-2011-2979 | 1 Mozilla | 1 Bugzilla | 2017-08-29 | 5.0 MEDIUM | N/A |
| Bugzilla 4.1.x before 4.1.3 generates different responses for certain assignee queries depending on whether the group name is valid, which allows remote attackers to determine the existence of private group names via a custom search. NOTE: this vulnerability exists because of a CVE-2010-2756 regression. | |||||
| CVE-2011-3006 | 1 Mcafee | 1 Saas Endpoint Protection | 2017-08-29 | 6.8 MEDIUM | N/A |
| The MyAsUtil ActiveX control in MyAsUtil5.2.0.603.dll in McAfee SaaS Endpoint Protection 5.2.1 and earlier allows remote attackers to bypass the MyASUtil.SecureObjectFactory.CreateSecureObject domain execution policy using a cross-site scripting (XSS) attack, execute arbitrary code using the MyASUtil.InstallInfo.RunUserProgram function, and possibly conduct other unspecified attacks. | |||||
| CVE-2011-3007 | 1 Mcafee | 1 Saas Endpoint Protection | 2017-08-29 | 6.8 MEDIUM | N/A |
| The myCIOScn ActiveX control (myCIOScn.dll) in McAfee SaaS Endpoint Protection 5.2.1 and earlier allows remote attackers to write to arbitrary files by specifying an arbitrary filename in the MyCioScan.Scan.ReportFile parameter, as demonstrated by injecting script into a log file and executing arbitrary code using the MyCioScan.Scan.Start method. | |||||
| CVE-2011-3008 | 1 Avaya | 1 Secure Access Link Gateway | 2017-08-29 | 5.0 MEDIUM | N/A |
| The default configuration of Avaya Secure Access Link (SAL) Gateway 1.5, 1.8, and 2.0 contains certain domain names in the Secondary Core Server URL and Secondary Remote Server URL fields, which allows remote attackers to obtain sensitive information by leveraging administrative access to these domain names, as demonstrated by alarm and log information. | |||||
| CVE-2011-3009 | 1 Ruby-lang | 1 Ruby | 2017-08-29 | 5.0 MEDIUM | N/A |
| Ruby before 1.8.6-p114 does not reset the random seed upon forking, which makes it easier for context-dependent attackers to predict the values of random numbers by leveraging knowledge of the number sequence obtained in a different child process, a related issue to CVE-2003-0900. | |||||
| CVE-2011-3013 | 1 Novell | 2 Data Synchronizer, Mobility Pack | 2017-08-29 | 5.0 MEDIUM | N/A |
| WebAdmin in the Mobility Pack before 1.2 in Novell Data Synchronizer 1.x through 1.1.2 build 428 supports weak SSL ciphers, which makes it easier for remote attackers to obtain access via a brute-force attack. | |||||
| CVE-2011-3014 | 1 Novell | 2 Data Synchronizer, Mobility Pack | 2017-08-29 | 5.0 MEDIUM | N/A |
| The Mobility Pack before 1.2 in Novell Data Synchronizer 1.x through 1.1.2 build 428 does not properly restrict caching of HTTPS responses, which makes it easier for remote attackers to obtain sensitive information by leveraging an unattended workstation. | |||||
| CVE-2013-4204 | 1 Google | 1 Web Toolkit | 2017-08-24 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the JUnit files in the GWTTestCase in Google Web Toolkit (GWT) before 2.5.1 RC1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2017-11544 | | | 2017-08-22 | N/A | N/A |
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-11543. Reason: This candidate is a duplicate of CVE-2017-11543. Notes: All CVE users should reference CVE-2017-11543 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2017-11545 | | | 2017-08-22 | N/A | N/A |
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-11543. Reason: This candidate is a duplicate of CVE-2017-11543. Notes: All CVE users should reference CVE-2017-11543 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2017-1000124 | | | 2017-08-21 | N/A | N/A |
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-11366. Reason: This candidate is a reservation duplicate of CVE-2017-11366. Notes: All CVE users should reference CVE-2017-11366 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2017-1000123 | | | 2017-08-21 | N/A | N/A |
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-12425. Reason: This candidate is a reservation duplicate of CVE-2017-12425. Notes: All CVE users should reference CVE-2017-12425 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2017-1000162 | | | 2017-08-21 | N/A | N/A |
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-12474, CVE-2017-12475, CVE-2017-12476. Reason: This candidate is a reservation duplicate of CVE-2017-12474, CVE-2017-12475, and CVE-2017-12476. Notes: All CVE users should reference CVE-2017-12474, CVE-2017-12475, and/or CVE-2017-12476 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2017-1000165 | | | 2017-08-21 | N/A | N/A |
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-11366. Reason: This candidate is a reservation duplicate of CVE-2017-11366. Notes: All CVE users should reference CVE-2017-11366 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2017-1000166 | | | 2017-08-21 | N/A | N/A |
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the Primary CNA. Further investigation showed that it was not a security issue. Notes: none. | |||||
| CVE-2017-1000167 | | | 2017-08-21 | N/A | N/A |
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the Primary CNA. Further investigation showed that it was not a security issue. Notes: none. | |||||
| CVE-2017-1000202 | | | 2017-08-21 | N/A | N/A |
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-12933. Reason: This candidate is a reservation duplicate of CVE-2017-12933. Notes: All CVE users should reference CVE-2017-12933 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2017-1000205 | | | 2017-08-21 | N/A | N/A |
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-9091. Reason: This candidate is a reservation duplicate of CVE-2017-9091. Notes: All CVE users should reference CVE-2017-9091 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2017-1000216 | | | 2017-08-21 | N/A | N/A |
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-11104. Reason: This candidate is a reservation duplicate of CVE-2017-11104. Notes: All CVE users should reference CVE-2017-11104 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2017-1000175 | | | 2017-08-20 | N/A | N/A |
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the Primary CNA. Further investigation showed that it was not a security issue. Notes: none. | |||||
| CVE-2017-1000177 | | | 2017-08-20 | N/A | N/A |
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-11097. Reason: This candidate is a reservation duplicate of CVE-2017-11097. Notes: All CVE users should reference CVE-2017-11097 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2017-1000178 | | | 2017-08-20 | N/A | N/A |
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-11096. Reason: This candidate is a reservation duplicate of CVE-2017-11096. Notes: All CVE users should reference CVE-2017-11096 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2017-1000179 | | | 2017-08-20 | N/A | N/A |
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-11101. Reason: This candidate is a reservation duplicate of CVE-2017-11101. Notes: All CVE users should reference CVE-2017-11101 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2017-1000180 | | | 2017-08-20 | N/A | N/A |
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-11100. Reason: This candidate is a reservation duplicate of CVE-2017-11100. Notes: All CVE users should reference CVE-2017-11100 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2017-1000181 | | | 2017-08-20 | N/A | N/A |
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-10976. Reason: This candidate is a reservation duplicate of CVE-2017-10976. Notes: All CVE users should reference CVE-2017-10976 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2017-1000183 | | | 2017-08-20 | N/A | N/A |
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-11099. Reason: This candidate is a reservation duplicate of CVE-2017-11099. Notes: All CVE users should reference CVE-2017-11099 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2017-1000184 | | | 2017-08-20 | N/A | N/A |
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-11098. Reason: This candidate is a reservation duplicate of CVE-2017-11098. Notes: All CVE users should reference CVE-2017-11098 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2011-1205 | 1 Ibm | 3 Rational Clearcase, Rational Clearquest, Rational Common Licensing | 2017-08-17 | 6.9 MEDIUM | N/A |
| Multiple buffer overflows in unspecified COM objects in Rational Common Licensing 7.0 through 7.1.1.4 in IBM Rational ClearCase 7.0.0.4 through 7.1.1.4, ClearQuest 7.0.0.4 through 7.1.1.4, and other products allow local users to gain privileges via a Trojan horse HTML document in the My Computer zone. | |||||
| CVE-2011-1206 | 1 Ibm | 1 Tivoli Directory Server | 2017-08-17 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in the server process in ibmslapd.exe in IBM Tivoli Directory Server (TDS) 5.2 before 5.2.0.5-TIV-ITDS-IF0010, 6.0 before 6.0.0.67 (aka 6.0.0.8-TIV-ITDS-IF0009), 6.1 before 6.1.0.40 (aka 6.1.0.5-TIV-ITDS-IF0003), 6.2 before 6.2.0.16 (aka 6.2.0.3-TIV-ITDS-IF0002), and 6.3 before 6.3.0.3 (aka 6.3.0.0-TIV-ITDS-IF0003) allows remote attackers to execute arbitrary code via a crafted LDAP request. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2011-1208 | 1 Ibm | 1 Soliddb | 2017-08-17 | 7.8 HIGH | N/A |
| IBM solidDB 4.5.x before 4.5.182, 6.0.x before 6.0.1069, 6.1.x and 6.3.x before 6.3 FP8 (aka 6.3.49), and 6.5.x before 6.5 FP4 (aka 6.5.0.4) does not properly handle the (1) rpc_test_svc_readwrite and (2) rpc_test_svc_done commands, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted command. | |||||
| CVE-2011-1209 | 1 Ibm | 1 Websphere Application Server | 2017-08-17 | 4.3 MEDIUM | N/A |
| IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.39 and 7.0 before 7.0.0.17 uses a weak WS-Security XML encryption algorithm, which makes it easier for remote attackers to obtain plaintext data from a (1) JAX-RPC or (2) JAX-WS Web Services request via unspecified vectors related to a "decryption attack." | |||||
| CVE-2011-1224 | 1 Ibm | 1 Websphere Mq | 2017-08-17 | 4.3 MEDIUM | N/A |
| IBM WebSphere MQ 6.0 before 6.0.2.11 and 7.0 before 7.0.1.5 does not use the CRL Distribution Points (CDP) certificate extension, which might allow man-in-the-middle attackers to spoof an SSL partner via a revoked certificate for a (1) client, (2) queue manager, or (3) application. | |||||
| CVE-2011-1306 | 1 Google | 1 Chrome Os | 2017-08-17 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the Scratchpad application in Google Chrome OS before R10 0.10.156.46 Beta has unknown impact and attack vectors. | |||||
| CVE-2011-1308 | 1 Ibm | 1 Websphere Application Server | 2017-08-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Installation Verification Test (IVT) application in the Install component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2011-1326 | 1 Fon | 2 La Fonera+, La Fonera+ Firmware | 2017-08-17 | 6.1 MEDIUM | N/A |
| Unspecified vulnerability on the La Fonera+ router with firmware before 1.7.0.1 allows remote attackers to cause a denial of service via unknown vectors. | |||||
| CVE-2011-1328 | 1 Radvision | 1 Iview Suite | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in RADVISION iVIEW Suite before 7.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2011-1329 | 1 Walrus Digit | 1 Walrack | 2017-08-17 | 6.8 MEDIUM | N/A |
| WalRack 1.x before 1.1.9 and 2.x before 2.0.7 does not properly restrict file uploads, which allows remote attackers to execute arbitrary PHP code via vectors involving a double extension, as demonstrated by a .php.zzz file. | |||||
